Securing the Kubernetes API server. Part 2

Securing the cluster with Role-Based Access Control (RBAC). In Kubernetes version 1.8.0, the RBAC authorization plugin graduated to GA (General Availability) and is now enabled by default on many clusters. RBAC prevents unauthorized users from viewing or modifying the cluster state. The default Service-Account…

By Willy Vidable

Securing the Kubernetes API server. Part 1

About the API server. The Kubernetes API server is the central component used by all other components and by clients, like kubectl. It provides a CRUD (Create, Read, Update, Delete) interface for querying and modifying the cluster state over a RESTful API. It stores…

By Willy Vidable

Best Practices for Cloud Migration

AWS Approach. It’s a big change—and in business, big changes don’t stick unless they’re backed by firm commitments from leadership. So, before cloud migration can begin in earnest, you’ll need to ensure that you establish buy-in across all key stakeholders. Failing to do so…

By Willy Vidable

Kubernetes Networking with EKS

Kubernetes Pod Networking. Traditional Docker networking allows all containers on a host to reach one another over private IP addresses on a virtual bridge on each host. Port forwarding can also be configured on the host to provide external access to containers on an…

By Willy Vidable

Kubernetes Networking Basic

Regarding networking, Kubernetes imposes only three simple but powerful rules:
1. All nodes in the cluster must be able to talk to each other.
2. All pods on the network can communicate with each other without NAT.
3. Every…

By Willy Vidable